commit 0b0847bed0c33485cd7f198d9a0698da18452e78 (HEAD -> mcatanzaro/#435)
Author: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Wed Jul 17 17:52:39 2019 -0500
Fix use-after-free in GcalManager code
This was originally discovered and fixed by Milan Crha; I'm just
forward-porting his fix to the master branch. self->clients takes
ownership of this source but we don't currently have ownership here,
leading to a double free vulnerability.
Fixes #435
diff --git a/src/core/gcal-manager.c b/src/core/gcal-manager.c
index 7760eccc..879695b1 100644
--- a/src/core/gcal-manager.c
+++ b/src/core/gcal-manager.c
@@ -269,7 +269,7 @@ on_calendar_created_cb (GObject *source_object,
client = gcal_calendar_get_client (calendar);
source = gcal_calendar_get_source (calendar);
- g_hash_table_insert (self->clients, source, calendar);
+ g_hash_table_insert (self->clients, g_object_ref (source), calendar);
if (visible)
{